
# Auditor disclosure

The same machinery that hides a policy can also **prove properties about it** to a third party — without revealing it. This is how a Nulth account satisfies an auditor.

## Prove `cap ≤ regulatory_max`

A correspondent bank or compliance desk needs to know a treasury's spending policy stays within an AML/transaction limit — but has no right to see the limit itself. Nulth's disclosure circuit proves exactly that:

|             | Signals                               |
| ----------- | ------------------------------------- |
| **Public**  | `policy_commitment`, `regulatory_max` |
| **Private** | `cap`, `salt`                         |

It enforces:

1. **Commitment opening** — `Poseidon(cap, salt) == policy_commitment`, so the proof is about *this account's real cap*, not an arbitrary number; and
2. **Bound** — `cap ≤ regulatory_max`.

The auditor learns a single bit — *the cap is within the limit* — and nothing more. If the cap exceeds the limit, no proof can be produced.
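The two constraints above, written out as a circuit. This is an added illustration, not Nulth's own circuit source. It assumes Circom 2 with circomlib on the include path, and the template name `CapDisclosure` and the 64-bit amount width are hypothetical choices made for the example.

```circom
pragma circom 2.1.6;

// Assumption: circomlib is resolvable on the include path (e.g. via -l node_modules).
include "circomlib/circuits/poseidon.circom";
include "circomlib/circuits/comparators.circom";
include "circomlib/circuits/bitify.circom";

// Hypothetical template; N is the assumed bit width of amounts.
template CapDisclosure(N) {
    // Public signals: what the auditor sees.
    signal input policy_commitment;
    signal input regulatory_max;
    // Private signals: known only to the prover.
    signal input cap;
    signal input salt;

    // 1. Commitment opening: Poseidon(cap, salt) == policy_commitment.
    component h = Poseidon(2);
    h.inputs[0] <== cap;
    h.inputs[1] <== salt;
    h.out === policy_commitment;

    // Range-constrain both operands to N bits. The comparator below is only
    // meaningful for inputs below 2^N; an unconstrained field element close
    // to the BN254 scalar modulus would otherwise compare incorrectly.
    component capBits = Num2Bits(N);
    capBits.in <== cap;
    component maxBits = Num2Bits(N);
    maxBits.in <== regulatory_max;

    // 2. Bound: cap <= regulatory_max. The output is constrained to 1, so a
    // witness with cap > regulatory_max cannot satisfy the circuit.
    component le = LessEqThan(N);
    le.in[0] <== cap;
    le.in[1] <== regulatory_max;
    le.out === 1;
}

// Only the commitment and the limit are exposed; cap and salt stay private.
component main {public [policy_commitment, regulatory_max]} = CapDisclosure(64);
```

When reviewing a circuit of this shape, check that the comparison output is actually constrained and that both operands are range-checked, since computing `le.out` without `=== 1` would prove nothing about the bound.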

## Verified on the same verifier

The disclosure proof is checked by the **same shared BN254 Groth16 verifier** the account uses, at ≈ **28.5M instructions** (~7% of the transaction budget). Nothing new is deployed to disclose.

## Trust note

`regulatory_max` is supplied by the auditing party (for example, published by a Stellar anchor or KYC provider) — an oracle-trust assumption, stated plainly. The proof binds to the account's on-chain `policy_commitment`, so the auditor knows it is verifying *this* treasury's committed cap, not a value the operator invented for the occasion.

## Beyond Tier-1

The shipped disclosure is the cap bound. The natural extension is **set-containment** — proving the account's allowlist is a subset of an authority's screened set (sanctions / eligibility) without revealing either set. That is a harder circuit and is on the roadmap; the cap disclosure works today.

Next: guides — [create & fund an account](/guides/create-and-fund.md), or the [security model](/trust-and-security/security-model.md).

